Page 24 of 143 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 6.2.x en versiones anteriores a 6.2.4, 6.1.x en versiones anteriores a 6.1.8, 6.0.x en versiones anteriores a 6.0.9 y 5.0.x en versiones anteriores a 5.0.13 y Splunk Light 6.2.x en versiones anteriores a 6.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cabecera. • http://www.securitytracker.com/id/1032859 http://www.splunk.com/view/SP-CAAAN7C • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el Dashboard en Splunk Enterprise 6.2.x en versiones anteriores a 6.2.4 y Splunk Light 6.2.x en versiones anteriores a 6.2.4, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1032859 http://www.splunk.com/view/SP-CAAAN7C • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Dashboard en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.4, 6.0.x anterior a 6.0.7, y 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.splunk.com/view/SP-CAAANST • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. Vulnerabilidad de XSS en Splunk 6.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer en una respuesta '404 Not Found'. NOTA: esta vulnerabilidad puede existir debido a una regresión de CVE-2010-2429. Splunk version 6.1.1 suffers from a Referer header cross site scripting vulnerability. • https://www.exploit-db.com/exploits/40997 http://packetstormsecurity.com/files/126813/Splunk-6.1.1-Cross-Site-Scripting.html http://www.securityfocus.com/bid/67655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer. • http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •